Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/XsEQKonOzbCyg0bNofQH8qCMzZA.roa
File:                     XsEQKonOzbCyg0bNofQH8qCMzZA.roa (raw, json)
Hash identifier:          p1b9onbhDojIhV4i6qsyMbA1TavVpRDn1jJ1eW/nzGc=
Subject key identifier:   5E:C1:10:2A:89:CE:CD:B0:B2:83:46:CD:A1:F4:07:F2:A0:8C:CD:90
Certificate issuer:       /CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
Certificate serial:       019C55DB7A0C9EAA1F84F04E6F888A168BAD
Authority key identifier: 4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/XsEQKonOzbCyg0bNofQH8qCMzZA.roa
Signing time:             Fri 13 Feb 2026 07:16:12 +0000
ROA not before:           Fri 13 Feb 2026 07:16:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        78.24.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:55:db:7a:0c:9e:aa:1f:84:f0:4e:6f:88:8a:16:8b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
        Validity
            Not Before: Feb 13 07:16:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ec1102a89cecdb0b28346cda1f407f2a08ccd90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:76:e1:70:5d:cb:97:52:d0:61:fe:bf:df:80:
                    aa:38:53:73:88:a1:58:7e:6a:3b:c9:a7:1d:b6:a4:
                    8d:b6:a0:d8:6a:cb:5e:55:b8:8c:72:2d:4b:23:df:
                    81:14:83:dd:c0:77:61:d2:3f:1c:a7:2e:7d:fb:67:
                    45:c8:ae:61:11:35:08:e2:8b:1a:de:fe:25:ac:f1:
                    b8:65:93:94:ee:20:f9:9a:b6:84:e2:9c:a2:84:b3:
                    fe:1a:0b:b5:bb:84:c6:b6:61:1a:20:19:a0:0a:5c:
                    93:5f:b1:38:ce:68:51:30:aa:ed:aa:ea:88:82:8d:
                    ce:65:ab:8e:1d:e1:b5:40:f3:e2:2d:38:a4:41:db:
                    7b:e3:98:4e:7c:60:bd:96:94:01:2b:ba:ec:8b:f6:
                    a0:c2:fb:d5:f8:91:a4:ee:fe:fd:06:e8:fc:54:d5:
                    c0:7b:ff:83:9d:4c:dc:6f:07:00:bd:a8:ac:6c:ad:
                    b3:4c:50:57:d9:08:0e:be:20:79:6a:20:5f:14:92:
                    97:c0:da:82:03:a5:9e:c6:74:e3:14:e7:3b:04:df:
                    06:e4:bf:08:89:e3:c6:7c:48:29:4c:93:17:69:88:
                    14:10:8b:e9:39:f9:24:c8:f3:af:d5:32:bc:82:e4:
                    aa:d3:46:e5:95:16:19:71:6c:3c:08:be:f6:00:b3:
                    b0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C1:10:2A:89:CE:CD:B0:B2:83:46:CD:A1:F4:07:F2:A0:8C:CD:90
            X509v3 Authority Key Identifier:
                keyid:4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/XsEQKonOzbCyg0bNofQH8qCMzZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:1f:ea:92:93:fe:47:bf:19:3c:33:b3:ee:91:24:64:fa:65:
         ea:41:c8:8d:39:c1:75:7e:4f:e9:17:d1:3d:7f:da:e8:af:15:
         23:f8:e5:74:36:d5:0b:44:38:6f:99:16:ba:ab:5d:98:06:0c:
         99:bd:67:af:b3:0e:04:cd:83:9f:19:30:b9:fc:19:4c:29:ee:
         e4:c8:2f:c9:f5:ad:35:f1:da:69:1d:e0:93:b3:59:4c:eb:4b:
         37:50:54:95:57:fa:43:22:a5:84:d6:86:ab:14:22:05:24:6d:
         f0:73:34:9f:cc:7f:02:8c:d2:54:aa:00:94:10:08:c4:93:46:
         7c:bf:01:c7:32:fc:06:91:5e:a7:f6:54:48:8a:48:05:4a:83:
         2f:55:9e:b9:a1:04:e5:11:b1:af:13:09:ba:17:16:70:aa:96:
         d3:9b:8e:4b:9e:e1:11:8a:a8:f9:68:80:f7:00:d1:d9:b2:da:
         be:d2:11:a9:b2:4d:2b:6d:8a:0e:86:8f:7a:3e:75:aa:36:02:
         ee:05:ea:d9:e7:03:fd:6a:1f:2e:56:3e:0f:9c:cb:21:19:75:
         9b:d0:2f:af:3f:fb:20:67:cd:f7:a6:71:13:79:b2:60:30:57:
         e3:ec:14:d2:39:81:4a:fe:a1:e1:e2:10:4d:47:fb:e6:cc:fd:
         bb:42:28:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxV23oMnqofhPBOb4iKFoutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzhjYWE3NzQxZjk5YjlmYmNhNGY0OTQzYzhiNzlmMDBi
ZWJmZjgwHhcNMjYwMjEzMDcxNjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMxMTAyYTg5Y2VjZGIwYjI4MzQ2Y2RhMWY0MDdmMmEwOGNjZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXbhcF3Ll1LQYf6/34CqOFNziKFY
fmo7yacdtqSNtqDYasteVbiMci1LI9+BFIPdwHdh0j8cpy59+2dFyK5hETUI4osa
3v4lrPG4ZZOU7iD5mraE4pyihLP+Ggu1u4TGtmEaIBmgClyTX7E4zmhRMKrtquqI
go3OZauOHeG1QPPiLTikQdt745hOfGC9lpQBK7rsi/agwvvV+JGk7v79Buj8VNXA
e/+DnUzcbwcAvaisbK2zTFBX2QgOviB5aiBfFJKXwNqCA6WexnTjFOc7BN8G5L8I
iePGfEgpTJMXaYgUEIvpOfkkyPOv1TK8guSq00bllRYZcWw8CL72ALOwDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7BECqJzs2wsoNGzaH0B/KgjM2QMB8GA1UdIwQY
MBaAFEt4yqd0H5m5+8pPSUPIt58Avr/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMt
NjNjZWQ4NzYyMDQyLzEvWHNFUUtvbk96YkN5ZzBiTm9mUUg4cUNNelpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMtNjNjZWQ4NzYyMDQy
LzEvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThh6MA0G
CSqGSIb3DQEBCwUAA4IBAQByH+qSk/5Hvxk8M7PukSRk+mXqQciNOcF1fk/pF9E9
f9rorxUj+OV0NtULRDhvmRa6q12YBgyZvWevsw4EzYOfGTC5/BlMKe7kyC/J9a01
8dppHeCTs1lM60s3UFSVV/pDIqWE1oarFCIFJG3wczSfzH8CjNJUqgCUEAjEk0Z8
vwHHMvwGkV6n9lRIikgFSoMvVZ65oQTlEbGvEwm6FxZwqpbTm45LnuERiqj5aID3
ANHZstq+0hGpsk0rbYoOho96PnWqNgLuBerZ5wP9ah8uVj4PnMshGXWb0C+vP/sg
Z833pnETebJgMFfj7BTSOYFK/qHh4hBNR/vmzP27QigS
-----END CERTIFICATE-----